122.224.6.164 zeus.sunke.info
ilo.brenz.pl
Resolved : [ilo.brenz.pl] To [94.63.149.150]
HTTP Queries
HTTP Query Text
– x82x96xa2xe3xdaxd1xc7
Remote Host Port Number
USER wtwywf wtwywf wtwywf :pephacexcxsvvxhv
NICK AVwiDUnR
NICK cpwiecqr
USER y020501 . . :-
PONG :j.
JOIN &virtu
* The data identified by the following URLs was then requested from the remote web server:
exe file used to spread from these lamers:
http://www.multiupload.com/53VSJUHD5M
http://78cc9867.ultrafiles.net
Virus Total Scan:
http://www.virustotal.com/file-scan/report.html?id=1ced3d60b5eebd8ca5a7b793a926af5c091b50cc20f4fd5bbde5313096874914-1321299285